[Tutor] cyrus interaction

Michael P. Reilly arcege@speakeasy.net
Tue, 25 Sep 2001 10:02:56 -0400 

On Tue, Sep 25, 2001 at 04:54:54PM +0400, Cerulean Rodent wrote:
> So this time I'm trying to automate the process of adding users to the Cyrus server. 
> A sample script that doesn't work: 
> 
> x = os.popen("cyradm -user mailadmin localhost")
> 
> x.write("mypassword")
> 
> So I can't even make it log on to cyradm. All I get in response is the following 
> message: 
> 
> application-specific initialization failed: error flushing "file1": broken pipe
> 
> Now where is the heinously idiotic mistake that I'm not aware of making? Ideas, 

It is not a mistake really, just a misunderstanding of how passwords
are read from most programs.  I see two possibilities here, I'll go over
the simplier one first.

If the cyradm program reads from standard input (which is uncommon for
programs), then you will want to open the popen for writing.
  x = os.popen("cyradm -user mailadmin localhost", "w")

If you need the output as well, you might look into the other pipe
functionality, the "popen2" module.  From there, you can get two file
objects, one for reading and one for writing.


But since passwords need to be secure, most programs read directly from
the terminal (/dev/tty), not from standard input.  Here you will need
something between your program and the "secure" program (like passwd(1)
and su(1)).  This "something" will opening a new pseudo-terminal that
fakes the program into thinking it is talking to a terminal, and not to
a program.

Expect is best known for this and there are Expect-like extensions written
for Python out there.  There is also the pty module which uses similar
underlying technology as Expect, but you have to do everything manually.

Hopefully the first will work for you, but for security sake, it would
be better if cyradm didn't get the password from stdin.

  -Arcege

PS: You might also look to see if the cyradm program can take the
password on the command-line.  Some do that, but it is even less secure
than reading from stdin (the password could be seen in a process listing).